I am planning on adding an attribute provider for SAML 1.1, similar to SAML 2.0. This would be in the ws-trust SAML 1.1 provider. For the assertion providers (SAML11AssertionTokenProvider and SAML20AssertionTokenProvider), how does it add extra attributes? Use case would be that the assertion consumer service requires extra attribute or a different role from what is provided by the principal.

As for the IDPWebBrowserSSOValve, it should:

- include signature?

- return with html form and post similar to SAML 2.0 for Browser/Post profile?

Is it possible to have just one common SAML provider instead of one for ws-trust and another for assertion? I'm just curious what's the difference of creating SAML for ws-trust and for assertion purposes. If they are the same, then we can use the same mechanism for creating attributes?